Network Advertising Initiative Proposes New Mobile Privacy Rules

Moving forward with its plan to issue mobile privacy rules, the self-regulatory group Network Advertising Initiative this week provided members with a draft version
of a code of conduct regarding information collected from apps.

The draft rules deal with behavioral targeting, or serving ads based on data collected across more than one app. The
organization expects to finalize its Mobile Application Code by next month, according to NAI Executive Director Marc Groman.

As with longstanding privacy rules for data collected from desktop
units, the proposed mobile rules, which were provided to Online Media Daily, require companies to let people opt out of receiving behaviorally targeted ads on mobile devices.

Even if
people opt out, the proposed NAI code allows ad networks to continue to collect data “non-personally identifiable” data for some purposes, including analytics, ad optimization and
frequency capping. The NAI says data connected to a particular device -- as opposed to a person -- is “non-personally identifiable.”

But the NAI also proposes requiring companies
to either discard that information, or else “de-identify” it (meaning that it's no longer linkable to particular devices), as soon as the data is no longer needed.

As with
non-mobile privacy rules, the NAI's proposal would require members to obtain opt-in consent before collecting personally identifiable information (names, addresses and phone numbers) and
“sensitive” information, including financial account numbers, and precise information about medical conditions.

The draft rules also address certain types of information unique to
mobile, like geolocation data and “personal directory data” -- which includes address books, photos or videos stored on devices and logs of phone calls. The NAI proposes that its members
obtain opt-in consent before collecting either geolocation data or personal directory data.

The proposed new code also requires member companies to inform consumers about the details of
cross-app advertising. Among other items, companies must inform consumers about the type of data collected, how it will be transferred to third parties, and how long it will be retained.

The
NAI counts around 90 ad networks (and other ad tech companies that collect data or serve ads) as members. The umbrella group Digital Advertising Alliance -- which includes the Interactive Advertising
Bureau, Direct Marketing Association, Association of National Advertisers, and American Association of Advertising Agencies -- also is expected to soon unveil its mobile privacy guides.

In the
last year, officials have increasingly put the spotlight on mobile privacy. The Federal Trade Commission and California Attorney General separately recommended that ad networks address mobile privacy.
The Commerce Department also has convened several meetings between a broad array of online companies and advocates, in an attempt to forge a consensus on mobile privacy guidelines.